Remove RNG from x509 and PK
Remove the f_rng and p_rng parameters from x509 and PK. Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
@ -1140,17 +1140,11 @@ void mbedtls_x509write_crt_free(mbedtls_x509write_cert *ctx);
|
|||||||
* \param ctx certificate to write away
|
* \param ctx certificate to write away
|
||||||
* \param buf buffer to write to
|
* \param buf buffer to write to
|
||||||
* \param size size of the buffer
|
* \param size size of the buffer
|
||||||
* \param f_rng RNG function. This must not be \c NULL.
|
|
||||||
* \param p_rng RNG parameter
|
|
||||||
*
|
*
|
||||||
* \return length of data written if successful, or a specific
|
* \return length of data written if successful, or a specific
|
||||||
* error code
|
* error code
|
||||||
*
|
|
||||||
* \note \p f_rng is used for the signature operation.
|
|
||||||
*/
|
*/
|
||||||
int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
|
int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size);
|
||||||
int (*f_rng)(void *, unsigned char *, size_t),
|
|
||||||
void *p_rng);
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_PEM_WRITE_C)
|
#if defined(MBEDTLS_PEM_WRITE_C)
|
||||||
/**
|
/**
|
||||||
@ -1159,16 +1153,11 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, s
|
|||||||
* \param ctx certificate to write away
|
* \param ctx certificate to write away
|
||||||
* \param buf buffer to write to
|
* \param buf buffer to write to
|
||||||
* \param size size of the buffer
|
* \param size size of the buffer
|
||||||
* \param f_rng RNG function. This must not be \c NULL.
|
|
||||||
* \param p_rng RNG parameter
|
|
||||||
*
|
*
|
||||||
* \return 0 if successful, or a specific error code
|
* \return 0 if successful, or a specific error code
|
||||||
*
|
*
|
||||||
* \note \p f_rng is used for the signature operation.
|
|
||||||
*/
|
*/
|
||||||
int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
|
int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size);
|
||||||
int (*f_rng)(void *, unsigned char *, size_t),
|
|
||||||
void *p_rng);
|
|
||||||
#endif /* MBEDTLS_PEM_WRITE_C */
|
#endif /* MBEDTLS_PEM_WRITE_C */
|
||||||
#endif /* MBEDTLS_X509_CRT_WRITE_C */
|
#endif /* MBEDTLS_X509_CRT_WRITE_C */
|
||||||
|
|
||||||
|
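Review bot: With `\param f_rng` and the line `\note \p f_rng is used for the signature operation.` removed, the documentation of `mbedtls_x509write_crt_der` and `mbedtls_x509write_crt_pem` no longer says where the randomness for the signature comes from or what the caller has to set up before calling, which the old note made explicit. A replacement note should take its place, along the lines of `* \note The signature is produced using the library's internal RNG; the caller must initialize the crypto subsystem before calling this function.` (the exact precondition is not visible in this diff and should be checked against the PK layer). The same gap exists for the CSR declarations in the hunks at `@ -337` and `@ -357`.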
@ -337,17 +337,12 @@ void mbedtls_x509write_csr_free(mbedtls_x509write_csr *ctx);
|
|||||||
* \param ctx CSR to write away
|
* \param ctx CSR to write away
|
||||||
* \param buf buffer to write to
|
* \param buf buffer to write to
|
||||||
* \param size size of the buffer
|
* \param size size of the buffer
|
||||||
* \param f_rng RNG function. This must not be \c NULL.
|
|
||||||
* \param p_rng RNG parameter
|
|
||||||
*
|
*
|
||||||
* \return length of data written if successful, or a specific
|
* \return length of data written if successful, or a specific
|
||||||
* error code
|
* error code
|
||||||
*
|
*
|
||||||
* \note \p f_rng is used for the signature operation.
|
|
||||||
*/
|
*/
|
||||||
int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
|
int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size);
|
||||||
int (*f_rng)(void *, unsigned char *, size_t),
|
|
||||||
void *p_rng);
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_PEM_WRITE_C)
|
#if defined(MBEDTLS_PEM_WRITE_C)
|
||||||
/**
|
/**
|
||||||
@ -357,16 +352,11 @@ int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, si
|
|||||||
* \param ctx CSR to write away
|
* \param ctx CSR to write away
|
||||||
* \param buf buffer to write to
|
* \param buf buffer to write to
|
||||||
* \param size size of the buffer
|
* \param size size of the buffer
|
||||||
* \param f_rng RNG function. This must not be \c NULL.
|
|
||||||
* \param p_rng RNG parameter
|
|
||||||
*
|
*
|
||||||
* \return 0 if successful, or a specific error code
|
* \return 0 if successful, or a specific error code
|
||||||
*
|
*
|
||||||
* \note \p f_rng is used for the signature operation.
|
|
||||||
*/
|
*/
|
||||||
int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
|
int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size);
|
||||||
int (*f_rng)(void *, unsigned char *, size_t),
|
|
||||||
void *p_rng);
|
|
||||||
#endif /* MBEDTLS_PEM_WRITE_C */
|
#endif /* MBEDTLS_PEM_WRITE_C */
|
||||||
#endif /* MBEDTLS_X509_CSR_WRITE_C */
|
#endif /* MBEDTLS_X509_CSR_WRITE_C */
|
||||||
|
|
||||||
|
@ -2827,7 +2827,7 @@ sign:
|
|||||||
ssl->out_msg + 6 + offset,
|
ssl->out_msg + 6 + offset,
|
||||||
out_buf_len - 6 - offset,
|
out_buf_len - 6 - offset,
|
||||||
&n,
|
&n,
|
||||||
ssl->conf->f_rng, ssl->conf->p_rng, rs_ctx)) != 0) {
|
rs_ctx)) != 0) {
|
||||||
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign", ret);
|
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign", ret);
|
||||||
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
|
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
|
||||||
if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
|
if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
|
||||||
|
@ -3035,9 +3035,7 @@ curve_matching_done:
|
|||||||
md_alg, hash, hashlen,
|
md_alg, hash, hashlen,
|
||||||
ssl->out_msg + ssl->out_msglen + 2,
|
ssl->out_msg + ssl->out_msglen + 2,
|
||||||
out_buf_len - ssl->out_msglen - 2,
|
out_buf_len - ssl->out_msglen - 2,
|
||||||
signature_len,
|
signature_len)) != 0) {
|
||||||
ssl->conf->f_rng,
|
|
||||||
ssl->conf->p_rng)) != 0) {
|
|
||||||
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign", ret);
|
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign", ret);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
@ -978,8 +978,7 @@ static int ssl_tls13_write_certificate_verify_body(mbedtls_ssl_context *ssl,
|
|||||||
|
|
||||||
if ((ret = mbedtls_pk_sign_ext(pk_type, own_key,
|
if ((ret = mbedtls_pk_sign_ext(pk_type, own_key,
|
||||||
md_alg, verify_hash, verify_hash_len,
|
md_alg, verify_hash, verify_hash_len,
|
||||||
p + 4, (size_t) (end - (p + 4)), &signature_len,
|
p + 4, (size_t) (end - (p + 4)), &signature_len)) != 0) {
|
||||||
ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG(2, ("CertificateVerify signature failed with %s",
|
MBEDTLS_SSL_DEBUG_MSG(2, ("CertificateVerify signature failed with %s",
|
||||||
mbedtls_ssl_sig_alg_to_str(*sig_alg)));
|
mbedtls_ssl_sig_alg_to_str(*sig_alg)));
|
||||||
MBEDTLS_SSL_DEBUG_RET(2, "mbedtls_pk_sign_ext", ret);
|
MBEDTLS_SSL_DEBUG_RET(2, "mbedtls_pk_sign_ext", ret);
|
||||||
|
@ -379,9 +379,7 @@ static int x509_write_time(unsigned char **p, unsigned char *start,
|
|||||||
}
|
}
|
||||||
|
|
||||||
int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx,
|
int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx,
|
||||||
unsigned char *buf, size_t size,
|
unsigned char *buf, size_t size)
|
||||||
int (*f_rng)(void *, unsigned char *, size_t),
|
|
||||||
void *p_rng)
|
|
||||||
{
|
{
|
||||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||||
const char *sig_oid;
|
const char *sig_oid;
|
||||||
@ -571,8 +569,7 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx,
|
|||||||
|
|
||||||
|
|
||||||
if ((ret = mbedtls_pk_sign(ctx->issuer_key, ctx->md_alg,
|
if ((ret = mbedtls_pk_sign(ctx->issuer_key, ctx->md_alg,
|
||||||
hash, hash_length, sig, sizeof(sig), &sig_len,
|
hash, hash_length, sig, sizeof(sig), &sig_len)) != 0) {
|
||||||
f_rng, p_rng)) != 0) {
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -614,15 +611,12 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx,
|
|||||||
|
|
||||||
#if defined(MBEDTLS_PEM_WRITE_C)
|
#if defined(MBEDTLS_PEM_WRITE_C)
|
||||||
int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *crt,
|
int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *crt,
|
||||||
unsigned char *buf, size_t size,
|
unsigned char *buf, size_t size)
|
||||||
int (*f_rng)(void *, unsigned char *, size_t),
|
|
||||||
void *p_rng)
|
|
||||||
{
|
{
|
||||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||||
size_t olen;
|
size_t olen;
|
||||||
|
|
||||||
if ((ret = mbedtls_x509write_crt_der(crt, buf, size,
|
if ((ret = mbedtls_x509write_crt_der(crt, buf, size)) < 0) {
|
||||||
f_rng, p_rng)) < 0) {
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -131,9 +131,7 @@ int mbedtls_x509write_csr_set_ns_cert_type(mbedtls_x509write_csr *ctx,
|
|||||||
static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx,
|
static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx,
|
||||||
unsigned char *buf,
|
unsigned char *buf,
|
||||||
size_t size,
|
size_t size,
|
||||||
unsigned char *sig, size_t sig_size,
|
unsigned char *sig, size_t sig_size)
|
||||||
int (*f_rng)(void *, unsigned char *, size_t),
|
|
||||||
void *p_rng)
|
|
||||||
{
|
{
|
||||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||||
const char *sig_oid;
|
const char *sig_oid;
|
||||||
@ -218,8 +216,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx,
|
|||||||
return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
|
return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
|
||||||
}
|
}
|
||||||
if ((ret = mbedtls_pk_sign(ctx->key, ctx->md_alg, hash, 0,
|
if ((ret = mbedtls_pk_sign(ctx->key, ctx->md_alg, hash, 0,
|
||||||
sig, sig_size, &sig_len,
|
sig, sig_size, &sig_len)) != 0) {
|
||||||
f_rng, p_rng)) != 0) {
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -274,9 +271,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx,
|
|||||||
}
|
}
|
||||||
|
|
||||||
int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf,
|
int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf,
|
||||||
size_t size,
|
size_t size)
|
||||||
int (*f_rng)(void *, unsigned char *, size_t),
|
|
||||||
void *p_rng)
|
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
unsigned char *sig;
|
unsigned char *sig;
|
||||||
@ -286,8 +281,7 @@ int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf,
|
|||||||
}
|
}
|
||||||
|
|
||||||
ret = x509write_csr_der_internal(ctx, buf, size,
|
ret = x509write_csr_der_internal(ctx, buf, size,
|
||||||
sig, MBEDTLS_PK_SIGNATURE_MAX_SIZE,
|
sig, MBEDTLS_PK_SIGNATURE_MAX_SIZE);
|
||||||
f_rng, p_rng);
|
|
||||||
|
|
||||||
mbedtls_free(sig);
|
mbedtls_free(sig);
|
||||||
|
|
||||||
@ -298,15 +292,12 @@ int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf,
|
|||||||
#define PEM_END_CSR "-----END CERTIFICATE REQUEST-----\n"
|
#define PEM_END_CSR "-----END CERTIFICATE REQUEST-----\n"
|
||||||
|
|
||||||
#if defined(MBEDTLS_PEM_WRITE_C)
|
#if defined(MBEDTLS_PEM_WRITE_C)
|
||||||
int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
|
int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size)
|
||||||
int (*f_rng)(void *, unsigned char *, size_t),
|
|
||||||
void *p_rng)
|
|
||||||
{
|
{
|
||||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||||
size_t olen = 0;
|
size_t olen = 0;
|
||||||
|
|
||||||
if ((ret = mbedtls_x509write_csr_der(ctx, buf, size,
|
if ((ret = mbedtls_x509write_csr_der(ctx, buf, size)) < 0) {
|
||||||
f_rng, p_rng)) < 0) {
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -82,8 +82,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
if (mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
|
if (mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
|
||||||
mbedtls_test_srv_key_len, NULL, 0,
|
mbedtls_test_srv_key_len, NULL, 0) != 0) {
|
||||||
dummy_random, &ctr_drbg) != 0) {
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
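Review bot: Once `dummy_random, &ctr_drbg` is dropped from the `mbedtls_pk_parse_key` call, the `ctr_drbg` context and the `dummy_random` helper in this fuzz harness may have no remaining users; if so, their declaration and setup (outside the hunk) should be removed as well, since an unused static function or variable will break a `-Werror` build. The same check applies to the hunks at `@ -44` and `@ -91`. The enclosing `LLVMFuzzerTestOneInput` starts and ends outside the hunk.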
@ -44,8 +44,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
|
|||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = mbedtls_pk_parse_key(&pk, Data, Size, NULL, 0,
|
ret = mbedtls_pk_parse_key(&pk, Data, Size, NULL, 0);
|
||||||
dummy_random, &ctr_drbg);
|
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
#if defined(MBEDTLS_RSA_C)
|
#if defined(MBEDTLS_RSA_C)
|
||||||
if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) {
|
if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) {
|
||||||
|
@ -91,8 +91,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
if (mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
|
if (mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
|
||||||
mbedtls_test_srv_key_len, NULL, 0,
|
mbedtls_test_srv_key_len, NULL, 0) != 0) {
|
||||||
dummy_random, &ctr_drbg) != 0) {
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
@ -248,8 +248,7 @@ usage:
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = mbedtls_pk_parse_keyfile(&pk, opt.filename, opt.password,
|
ret = mbedtls_pk_parse_keyfile(&pk, opt.filename, opt.password);
|
||||||
mbedtls_ctr_drbg_random, &ctr_drbg);
|
|
||||||
|
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n",
|
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n",
|
||||||
|
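Review bot: After `mbedtls_ctr_drbg_random, &ctr_drbg` is removed from the `mbedtls_pk_parse_keyfile` call, this program's `ctr_drbg` and the entropy source it is seeded from may have no other consumer; if that is the case, the seeding block and the matching init/free calls (outside the hunk) are dead code and should go, so the program does not present an RNG setup that nothing uses. The same check applies to the hunks at `@ -363`, `@ -89` and `@ -119`, `@ -105`, `@ -85` and `@ -106`, `@ -86` and `@ -120`, `@ -454` and `@ -472`, and `@ -780` through `@ -984`, where every remaining RNG argument in view is being removed. The enclosing `main` starts and ends outside the hunk.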
@ -363,8 +363,7 @@ usage:
|
|||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = mbedtls_pk_parse_keyfile(&key, opt.filename, NULL,
|
ret = mbedtls_pk_parse_keyfile(&key, opt.filename, NULL);
|
||||||
mbedtls_ctr_drbg_random, &ctr_drbg);
|
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x",
|
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x",
|
||||||
(unsigned int) -ret);
|
(unsigned int) -ret);
|
||||||
|
@ -89,8 +89,7 @@ int main(int argc, char *argv[])
|
|||||||
mbedtls_printf("\n . Reading private key from '%s'", argv[1]);
|
mbedtls_printf("\n . Reading private key from '%s'", argv[1]);
|
||||||
fflush(stdout);
|
fflush(stdout);
|
||||||
|
|
||||||
if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "",
|
if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) {
|
||||||
mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
|
|
||||||
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n",
|
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n",
|
||||||
(unsigned int) -ret);
|
(unsigned int) -ret);
|
||||||
goto exit;
|
goto exit;
|
||||||
@ -119,8 +118,7 @@ int main(int argc, char *argv[])
|
|||||||
mbedtls_printf("\n . Decrypting the encrypted data");
|
mbedtls_printf("\n . Decrypting the encrypted data");
|
||||||
fflush(stdout);
|
fflush(stdout);
|
||||||
|
|
||||||
if ((ret = mbedtls_pk_decrypt(&pk, buf, i, result, &olen, sizeof(result),
|
if ((ret = mbedtls_pk_decrypt(&pk, buf, i, result, &olen, sizeof(result))) != 0) {
|
||||||
mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
|
|
||||||
mbedtls_printf(" failed\n ! mbedtls_pk_decrypt returned -0x%04x\n",
|
mbedtls_printf(" failed\n ! mbedtls_pk_decrypt returned -0x%04x\n",
|
||||||
(unsigned int) -ret);
|
(unsigned int) -ret);
|
||||||
goto exit;
|
goto exit;
|
||||||
|
@ -105,8 +105,7 @@ int main(int argc, char *argv[])
|
|||||||
fflush(stdout);
|
fflush(stdout);
|
||||||
|
|
||||||
if ((ret = mbedtls_pk_encrypt(&pk, input, strlen(argv[2]),
|
if ((ret = mbedtls_pk_encrypt(&pk, input, strlen(argv[2]),
|
||||||
buf, &olen, sizeof(buf),
|
buf, &olen, sizeof(buf))) != 0) {
|
||||||
mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
|
|
||||||
mbedtls_printf(" failed\n ! mbedtls_pk_encrypt returned -0x%04x\n",
|
mbedtls_printf(" failed\n ! mbedtls_pk_encrypt returned -0x%04x\n",
|
||||||
(unsigned int) -ret);
|
(unsigned int) -ret);
|
||||||
goto exit;
|
goto exit;
|
||||||
|
@ -85,8 +85,7 @@ int main(int argc, char *argv[])
|
|||||||
mbedtls_printf("\n . Reading private key from '%s'", argv[1]);
|
mbedtls_printf("\n . Reading private key from '%s'", argv[1]);
|
||||||
fflush(stdout);
|
fflush(stdout);
|
||||||
|
|
||||||
if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "",
|
if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) {
|
||||||
mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
|
|
||||||
mbedtls_printf(" failed\n ! Could not parse '%s'\n", argv[1]);
|
mbedtls_printf(" failed\n ! Could not parse '%s'\n", argv[1]);
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
@ -106,8 +105,7 @@ int main(int argc, char *argv[])
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ((ret = mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0,
|
if ((ret = mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0,
|
||||||
buf, sizeof(buf), &olen,
|
buf, sizeof(buf), &olen)) != 0) {
|
||||||
mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
|
|
||||||
mbedtls_printf(" failed\n ! mbedtls_pk_sign returned -0x%04x\n", (unsigned int) -ret);
|
mbedtls_printf(" failed\n ! mbedtls_pk_sign returned -0x%04x\n", (unsigned int) -ret);
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
@ -86,8 +86,7 @@ int main(int argc, char *argv[])
|
|||||||
mbedtls_printf("\n . Reading private key from '%s'", argv[1]);
|
mbedtls_printf("\n . Reading private key from '%s'", argv[1]);
|
||||||
fflush(stdout);
|
fflush(stdout);
|
||||||
|
|
||||||
if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "",
|
if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) {
|
||||||
mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
|
|
||||||
mbedtls_printf(" failed\n ! Could not read key from '%s'\n", argv[1]);
|
mbedtls_printf(" failed\n ! Could not read key from '%s'\n", argv[1]);
|
||||||
mbedtls_printf(" ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret);
|
mbedtls_printf(" ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret);
|
||||||
goto exit;
|
goto exit;
|
||||||
@ -120,8 +119,7 @@ int main(int argc, char *argv[])
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ((ret = mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0,
|
if ((ret = mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0,
|
||||||
buf, sizeof(buf), &olen,
|
buf, sizeof(buf), &olen)) != 0) {
|
||||||
mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
|
|
||||||
mbedtls_printf(" failed\n ! mbedtls_pk_sign returned %d\n\n", ret);
|
mbedtls_printf(" failed\n ! mbedtls_pk_sign returned %d\n\n", ret);
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
@ -165,9 +165,7 @@ int main(void)
|
|||||||
(const unsigned char *) mbedtls_test_srv_key,
|
(const unsigned char *) mbedtls_test_srv_key,
|
||||||
mbedtls_test_srv_key_len,
|
mbedtls_test_srv_key_len,
|
||||||
NULL,
|
NULL,
|
||||||
0,
|
0);
|
||||||
mbedtls_ctr_drbg_random,
|
|
||||||
&ctr_drbg);
|
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret);
|
printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret);
|
||||||
goto exit;
|
goto exit;
|
||||||
|
@ -1736,12 +1736,12 @@ usage:
|
|||||||
} else
|
} else
|
||||||
#if defined(MBEDTLS_FS_IO)
|
#if defined(MBEDTLS_FS_IO)
|
||||||
if (strlen(opt.key_file)) {
|
if (strlen(opt.key_file)) {
|
||||||
ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, opt.key_pwd, rng_get, &rng);
|
ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, opt.key_pwd);
|
||||||
} else
|
} else
|
||||||
#endif
|
#endif
|
||||||
{ ret = mbedtls_pk_parse_key(&pkey,
|
{ ret = mbedtls_pk_parse_key(&pkey,
|
||||||
(const unsigned char *) mbedtls_test_cli_key,
|
(const unsigned char *) mbedtls_test_cli_key,
|
||||||
mbedtls_test_cli_key_len, NULL, 0, rng_get, &rng); }
|
mbedtls_test_cli_key_len, NULL, 0); }
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n",
|
mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n",
|
||||||
(unsigned int) -ret);
|
(unsigned int) -ret);
|
||||||
|
@ -138,8 +138,7 @@ int main(void)
|
|||||||
}
|
}
|
||||||
|
|
||||||
ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
|
ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
|
||||||
mbedtls_test_srv_key_len, NULL, 0,
|
mbedtls_test_srv_key_len, NULL, 0);
|
||||||
mbedtls_ctr_drbg_random, &ctr_drbg);
|
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
mbedtls_printf(" failed! mbedtls_pk_parse_key returned %d\n\n", ret);
|
mbedtls_printf(" failed! mbedtls_pk_parse_key returned %d\n\n", ret);
|
||||||
goto exit;
|
goto exit;
|
||||||
|
@ -514,8 +514,7 @@ usage:
|
|||||||
|
|
||||||
#if defined(MBEDTLS_FS_IO)
|
#if defined(MBEDTLS_FS_IO)
|
||||||
if (strlen(opt.key_file)) {
|
if (strlen(opt.key_file)) {
|
||||||
ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, "",
|
ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, "");
|
||||||
mbedtls_ctr_drbg_random, &ctr_drbg);
|
|
||||||
} else
|
} else
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_PEM_PARSE_C)
|
#if defined(MBEDTLS_PEM_PARSE_C)
|
||||||
@ -524,9 +523,7 @@ usage:
|
|||||||
(const unsigned char *) mbedtls_test_cli_key,
|
(const unsigned char *) mbedtls_test_cli_key,
|
||||||
mbedtls_test_cli_key_len,
|
mbedtls_test_cli_key_len,
|
||||||
NULL,
|
NULL,
|
||||||
0,
|
0);
|
||||||
mbedtls_ctr_drbg_random,
|
|
||||||
&ctr_drbg);
|
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
{
|
{
|
||||||
|
@ -379,8 +379,7 @@ int main(void)
|
|||||||
|
|
||||||
mbedtls_pk_init(&pkey);
|
mbedtls_pk_init(&pkey);
|
||||||
ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
|
ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
|
||||||
mbedtls_test_srv_key_len, NULL, 0,
|
mbedtls_test_srv_key_len, NULL, 0);
|
||||||
mbedtls_ctr_drbg_random, &ctr_drbg);
|
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret);
|
mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret);
|
||||||
goto exit;
|
goto exit;
|
||||||
|
@ -144,8 +144,7 @@ int main(void)
|
|||||||
}
|
}
|
||||||
|
|
||||||
ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
|
ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
|
||||||
mbedtls_test_srv_key_len, NULL, 0,
|
mbedtls_test_srv_key_len, NULL, 0);
|
||||||
mbedtls_ctr_drbg_random, &ctr_drbg);
|
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret);
|
mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret);
|
||||||
goto exit;
|
goto exit;
|
||||||
|
@ -824,7 +824,7 @@ static sni_entry *sni_parse(char *sni_string)
|
|||||||
mbedtls_pk_init(new->key);
|
mbedtls_pk_init(new->key);
|
||||||
|
|
||||||
if (mbedtls_x509_crt_parse_file(new->cert, crt_file) != 0 ||
|
if (mbedtls_x509_crt_parse_file(new->cert, crt_file) != 0 ||
|
||||||
mbedtls_pk_parse_keyfile(new->key, key_file, "", rng_get, &rng) != 0) {
|
mbedtls_pk_parse_keyfile(new->key, key_file, "") != 0) {
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1175,8 +1175,7 @@ static int ssl_async_start(mbedtls_ssl_context *ssl,
|
|||||||
* public key. */
|
* public key. */
|
||||||
for (slot = 0; slot < config_data->slots_used; slot++) {
|
for (slot = 0; slot < config_data->slots_used; slot++) {
|
||||||
if (mbedtls_pk_check_pair(&cert->pk,
|
if (mbedtls_pk_check_pair(&cert->pk,
|
||||||
config_data->slots[slot].pk,
|
config_data->slots[slot].pk) == 0) {
|
||||||
rng_get, &rng) == 0) {
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -1247,12 +1246,16 @@ static int ssl_async_resume(mbedtls_ssl_context *ssl,
|
|||||||
}
|
}
|
||||||
|
|
||||||
switch (ctx->operation_type) {
|
switch (ctx->operation_type) {
|
||||||
|
case ASYNC_OP_DECRYPT:
|
||||||
|
ret = mbedtls_pk_decrypt(key_slot->pk,
|
||||||
|
ctx->input, ctx->input_len,
|
||||||
|
output, output_len, output_size);
|
||||||
|
break;
|
||||||
case ASYNC_OP_SIGN:
|
case ASYNC_OP_SIGN:
|
||||||
ret = mbedtls_pk_sign(key_slot->pk,
|
ret = mbedtls_pk_sign(key_slot->pk,
|
||||||
ctx->md_alg,
|
ctx->md_alg,
|
||||||
ctx->input, ctx->input_len,
|
ctx->input, ctx->input_len,
|
||||||
output, output_size, output_len,
|
output, output_size, output_len);
|
||||||
config_data->f_rng, config_data->p_rng);
|
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
mbedtls_printf(
|
mbedtls_printf(
|
||||||
@ -2637,7 +2640,7 @@ usage:
|
|||||||
if (strlen(opt.key_file) && strcmp(opt.key_file, "none") != 0) {
|
if (strlen(opt.key_file) && strcmp(opt.key_file, "none") != 0) {
|
||||||
key_cert_init++;
|
key_cert_init++;
|
||||||
if ((ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file,
|
if ((ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file,
|
||||||
opt.key_pwd, rng_get, &rng)) != 0) {
|
opt.key_pwd)) != 0) {
|
||||||
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%x\n\n",
|
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%x\n\n",
|
||||||
(unsigned int) -ret);
|
(unsigned int) -ret);
|
||||||
goto exit;
|
goto exit;
|
||||||
@ -2659,7 +2662,7 @@ usage:
|
|||||||
if (strlen(opt.key_file2) && strcmp(opt.key_file2, "none") != 0) {
|
if (strlen(opt.key_file2) && strcmp(opt.key_file2, "none") != 0) {
|
||||||
key_cert_init2++;
|
key_cert_init2++;
|
||||||
if ((ret = mbedtls_pk_parse_keyfile(&pkey2, opt.key_file2,
|
if ((ret = mbedtls_pk_parse_keyfile(&pkey2, opt.key_file2,
|
||||||
opt.key_pwd2, rng_get, &rng)) != 0) {
|
opt.key_pwd2)) != 0) {
|
||||||
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile(2) returned -0x%x\n\n",
|
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile(2) returned -0x%x\n\n",
|
||||||
(unsigned int) -ret);
|
(unsigned int) -ret);
|
||||||
goto exit;
|
goto exit;
|
||||||
@ -2686,8 +2689,7 @@ usage:
|
|||||||
}
|
}
|
||||||
if ((ret = mbedtls_pk_parse_key(&pkey,
|
if ((ret = mbedtls_pk_parse_key(&pkey,
|
||||||
(const unsigned char *) mbedtls_test_srv_key_rsa,
|
(const unsigned char *) mbedtls_test_srv_key_rsa,
|
||||||
mbedtls_test_srv_key_rsa_len, NULL, 0,
|
mbedtls_test_srv_key_rsa_len, NULL, 0)) != 0) {
|
||||||
rng_get, &rng)) != 0) {
|
|
||||||
mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n",
|
mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n",
|
||||||
(unsigned int) -ret);
|
(unsigned int) -ret);
|
||||||
goto exit;
|
goto exit;
|
||||||
@ -2704,8 +2706,7 @@ usage:
|
|||||||
}
|
}
|
||||||
if ((ret = mbedtls_pk_parse_key(&pkey2,
|
if ((ret = mbedtls_pk_parse_key(&pkey2,
|
||||||
(const unsigned char *) mbedtls_test_srv_key_ec,
|
(const unsigned char *) mbedtls_test_srv_key_ec,
|
||||||
mbedtls_test_srv_key_ec_len, NULL, 0,
|
mbedtls_test_srv_key_ec_len, NULL, 0)) != 0) {
|
||||||
rng_get, &rng)) != 0) {
|
|
||||||
mbedtls_printf(" failed\n ! pk_parse_key2 returned -0x%x\n\n",
|
mbedtls_printf(" failed\n ! pk_parse_key2 returned -0x%x\n\n",
|
||||||
(unsigned int) -ret);
|
(unsigned int) -ret);
|
||||||
goto exit;
|
goto exit;
|
||||||
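Review bot: In the hunk at `@ -1247`, dropping `config_data->f_rng, config_data->p_rng` from the `mbedtls_pk_sign` call likely leaves the `f_rng`/`p_rng` members of the async config struct (defined outside the hunk) without readers; if nothing else uses them, remove the fields and the code that fills them so the callback context does not carry a stale RNG pointer. In the same hunk the `ASYNC_OP_DECRYPT` case passes `output, output_len, output_size` while the `ASYNC_OP_SIGN` case passes `output, output_size, output_len`; that follows the two prototypes, but a one-line comment such as `/* pk_decrypt takes (olen, osize); pk_sign takes (sig_size, sig_len) */` would stop the next reader from "fixing" one to match the other. `ssl_async_resume` starts and ends outside the hunk.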
|
@ -109,9 +109,7 @@ struct options {
|
|||||||
mbedtls_md_type_t md_alg; /* Hash algorithm used for signature. */
|
mbedtls_md_type_t md_alg; /* Hash algorithm used for signature. */
|
||||||
} opt;
|
} opt;
|
||||||
|
|
||||||
static int write_certificate_request(mbedtls_x509write_csr *req, const char *output_file,
|
static int write_certificate_request(mbedtls_x509write_csr *req, const char *output_file)
|
||||||
int (*f_rng)(void *, unsigned char *, size_t),
|
|
||||||
void *p_rng)
|
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
FILE *f;
|
FILE *f;
|
||||||
@ -119,7 +117,7 @@ static int write_certificate_request(mbedtls_x509write_csr *req, const char *out
|
|||||||
size_t len = 0;
|
size_t len = 0;
|
||||||
|
|
||||||
memset(output_buf, 0, 4096);
|
memset(output_buf, 0, 4096);
|
||||||
if ((ret = mbedtls_x509write_csr_pem(req, output_buf, 4096, f_rng, p_rng)) < 0) {
|
if ((ret = mbedtls_x509write_csr_pem(req, output_buf, 4096)) < 0) {
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -454,8 +452,7 @@ usage:
|
|||||||
mbedtls_printf(" . Loading the private key ...");
|
mbedtls_printf(" . Loading the private key ...");
|
||||||
fflush(stdout);
|
fflush(stdout);
|
||||||
|
|
||||||
ret = mbedtls_pk_parse_keyfile(&key, opt.filename, opt.password,
|
ret = mbedtls_pk_parse_keyfile(&key, opt.filename, opt.password);
|
||||||
mbedtls_ctr_drbg_random, &ctr_drbg);
|
|
||||||
|
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned %d", ret);
|
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned %d", ret);
|
||||||
@ -472,8 +469,7 @@ usage:
|
|||||||
mbedtls_printf(" . Writing the certificate request ...");
|
mbedtls_printf(" . Writing the certificate request ...");
|
||||||
fflush(stdout);
|
fflush(stdout);
|
||||||
|
|
||||||
if ((ret = write_certificate_request(&req, opt.output_file,
|
if ((ret = write_certificate_request(&req, opt.output_file)) != 0) {
|
||||||
mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
|
|
||||||
mbedtls_printf(" failed\n ! write_certificate_request %d", ret);
|
mbedtls_printf(" failed\n ! write_certificate_request %d", ret);
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
@ -206,9 +206,7 @@ struct options {
|
|||||||
int format; /* format */
|
int format; /* format */
|
||||||
} opt;
|
} opt;
|
||||||
|
|
||||||
static int write_certificate(mbedtls_x509write_cert *crt, const char *output_file,
|
static int write_certificate(mbedtls_x509write_cert *crt, const char *output_file)
|
||||||
int (*f_rng)(void *, unsigned char *, size_t),
|
|
||||||
void *p_rng)
|
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
FILE *f;
|
FILE *f;
|
||||||
@ -218,8 +216,7 @@ static int write_certificate(mbedtls_x509write_cert *crt, const char *output_fil
|
|||||||
|
|
||||||
memset(output_buf, 0, 4096);
|
memset(output_buf, 0, 4096);
|
||||||
if (opt.format == FORMAT_DER) {
|
if (opt.format == FORMAT_DER) {
|
||||||
ret = mbedtls_x509write_crt_der(crt, output_buf, 4096,
|
ret = mbedtls_x509write_crt_der(crt, output_buf, 4096);
|
||||||
f_rng, p_rng);
|
|
||||||
if (ret < 0) {
|
if (ret < 0) {
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
@ -227,8 +224,7 @@ static int write_certificate(mbedtls_x509write_cert *crt, const char *output_fil
|
|||||||
len = ret;
|
len = ret;
|
||||||
output_start = output_buf + 4096 - len;
|
output_start = output_buf + 4096 - len;
|
||||||
} else {
|
} else {
|
||||||
ret = mbedtls_x509write_crt_pem(crt, output_buf, 4096,
|
ret = mbedtls_x509write_crt_pem(crt, output_buf, 4096);
|
||||||
f_rng, p_rng);
|
|
||||||
if (ret < 0) {
|
if (ret < 0) {
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
@ -780,7 +776,7 @@ usage:
|
|||||||
fflush(stdout);
|
fflush(stdout);
|
||||||
|
|
||||||
ret = mbedtls_pk_parse_keyfile(&loaded_subject_key, opt.subject_key,
|
ret = mbedtls_pk_parse_keyfile(&loaded_subject_key, opt.subject_key,
|
||||||
opt.subject_pwd, mbedtls_ctr_drbg_random, &ctr_drbg);
|
opt.subject_pwd);
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
mbedtls_strerror(ret, buf, sizeof(buf));
|
mbedtls_strerror(ret, buf, sizeof(buf));
|
||||||
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile "
|
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile "
|
||||||
@ -795,7 +791,7 @@ usage:
|
|||||||
fflush(stdout);
|
fflush(stdout);
|
||||||
|
|
||||||
ret = mbedtls_pk_parse_keyfile(&loaded_issuer_key, opt.issuer_key,
|
ret = mbedtls_pk_parse_keyfile(&loaded_issuer_key, opt.issuer_key,
|
||||||
opt.issuer_pwd, mbedtls_ctr_drbg_random, &ctr_drbg);
|
opt.issuer_pwd);
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
mbedtls_strerror(ret, buf, sizeof(buf));
|
mbedtls_strerror(ret, buf, sizeof(buf));
|
||||||
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile "
|
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile "
|
||||||
@ -806,8 +802,7 @@ usage:
|
|||||||
// Check if key and issuer certificate match
|
// Check if key and issuer certificate match
|
||||||
//
|
//
|
||||||
if (strlen(opt.issuer_crt)) {
|
if (strlen(opt.issuer_crt)) {
|
||||||
if (mbedtls_pk_check_pair(&issuer_crt.pk, issuer_key,
|
if (mbedtls_pk_check_pair(&issuer_crt.pk, issuer_key) != 0) {
|
||||||
mbedtls_ctr_drbg_random, &ctr_drbg) != 0) {
|
|
||||||
mbedtls_printf(" failed\n ! issuer_key does not match "
|
mbedtls_printf(" failed\n ! issuer_key does not match "
|
||||||
"issuer certificate\n\n");
|
"issuer certificate\n\n");
|
||||||
goto exit;
|
goto exit;
|
||||||
@ -984,8 +979,7 @@ usage:
|
|||||||
mbedtls_printf(" . Writing the certificate...");
|
mbedtls_printf(" . Writing the certificate...");
|
||||||
fflush(stdout);
|
fflush(stdout);
|
||||||
|
|
||||||
if ((ret = write_certificate(&crt, opt.output_file,
|
if ((ret = write_certificate(&crt, opt.output_file)) != 0) {
|
||||||
mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
|
|
||||||
mbedtls_strerror(ret, buf, sizeof(buf));
|
mbedtls_strerror(ret, buf, sizeof(buf));
|
||||||
mbedtls_printf(" failed\n ! write_certificate -0x%04x - %s\n\n",
|
mbedtls_printf(" failed\n ! write_certificate -0x%04x - %s\n\n",
|
||||||
(unsigned int) -ret, buf);
|
(unsigned int) -ret, buf);
|
||||||
|
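Review bot: The signature produced in `write_certificate` now comes from the library's implicit random source instead of the `mbedtls_ctr_drbg_random, &ctr_drbg` pair removed from this call and from the `mbedtls_pk_parse_keyfile`/`mbedtls_pk_check_pair` calls above, so the sample's correctness depends on `psa_crypto_init()` having succeeded before the "Writing the certificate..." step, and none of the visible lines show that call (the body of `main` continues outside these hunks). If that initialization is missing, signing, notably ECDSA, which needs fresh randomness per signature, presumably fails at this point rather than silently degrading, but the dependency should be spelled out; a comment at the call such as `/* Signing uses the PSA RNG: psa_crypto_init() must have succeeded earlier in main. */` would do. Separately, once these call sites no longer take `&ctr_drbg`, no visible line references the CTR_DRBG context any more; if its declaration and entropy seeding earlier in `main` were not dropped in the same commit, the sample now seeds a DRBG it never uses and may trip unused-variable warnings under `-Werror`.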
@ -652,8 +652,7 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep,
|
|||||||
ret = mbedtls_pk_parse_key(
|
ret = mbedtls_pk_parse_key(
|
||||||
cert->pkey,
|
cert->pkey,
|
||||||
(const unsigned char *) mbedtls_test_srv_key_rsa_der,
|
(const unsigned char *) mbedtls_test_srv_key_rsa_der,
|
||||||
mbedtls_test_srv_key_rsa_der_len, NULL, 0,
|
mbedtls_test_srv_key_rsa_der_len, NULL, 0);
|
||||||
mbedtls_test_rnd_std_rand, NULL);
|
|
||||||
TEST_ASSERT(ret == 0);
|
TEST_ASSERT(ret == 0);
|
||||||
} else {
|
} else {
|
||||||
ret = mbedtls_x509_crt_parse(
|
ret = mbedtls_x509_crt_parse(
|
||||||
@ -665,8 +664,7 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep,
|
|||||||
ret = mbedtls_pk_parse_key(
|
ret = mbedtls_pk_parse_key(
|
||||||
cert->pkey,
|
cert->pkey,
|
||||||
(const unsigned char *) mbedtls_test_srv_key_ec_der,
|
(const unsigned char *) mbedtls_test_srv_key_ec_der,
|
||||||
mbedtls_test_srv_key_ec_der_len, NULL, 0,
|
mbedtls_test_srv_key_ec_der_len, NULL, 0);
|
||||||
mbedtls_test_rnd_std_rand, NULL);
|
|
||||||
TEST_ASSERT(ret == 0);
|
TEST_ASSERT(ret == 0);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
@ -680,8 +678,7 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep,
|
|||||||
ret = mbedtls_pk_parse_key(
|
ret = mbedtls_pk_parse_key(
|
||||||
cert->pkey,
|
cert->pkey,
|
||||||
(const unsigned char *) mbedtls_test_cli_key_rsa_der,
|
(const unsigned char *) mbedtls_test_cli_key_rsa_der,
|
||||||
mbedtls_test_cli_key_rsa_der_len, NULL, 0,
|
mbedtls_test_cli_key_rsa_der_len, NULL, 0);
|
||||||
mbedtls_test_rnd_std_rand, NULL);
|
|
||||||
TEST_ASSERT(ret == 0);
|
TEST_ASSERT(ret == 0);
|
||||||
} else {
|
} else {
|
||||||
ret = mbedtls_x509_crt_parse(
|
ret = mbedtls_x509_crt_parse(
|
||||||
@ -693,8 +690,7 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep,
|
|||||||
ret = mbedtls_pk_parse_key(
|
ret = mbedtls_pk_parse_key(
|
||||||
cert->pkey,
|
cert->pkey,
|
||||||
(const unsigned char *) mbedtls_test_cli_key_ec_der,
|
(const unsigned char *) mbedtls_test_cli_key_ec_der,
|
||||||
mbedtls_test_cli_key_ec_der_len, NULL, 0,
|
mbedtls_test_cli_key_ec_der_len, NULL, 0);
|
||||||
mbedtls_test_rnd_std_rand, NULL);
|
|
||||||
TEST_ASSERT(ret == 0);
|
TEST_ASSERT(ret == 0);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -23,13 +23,18 @@ static int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen,
|
|||||||
return mbedtls_rsa_pkcs1_decrypt((mbedtls_rsa_context *) ctx, NULL, NULL,
|
return mbedtls_rsa_pkcs1_decrypt((mbedtls_rsa_context *) ctx, NULL, NULL,
|
||||||
olen, input, output, output_max_len);
|
olen, input, output, output_max_len);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int mbedtls_rsa_sign_func(void *ctx,
|
static int mbedtls_rsa_sign_func(void *ctx,
|
||||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
|
|
||||||
mbedtls_md_type_t md_alg, unsigned int hashlen,
|
mbedtls_md_type_t md_alg, unsigned int hashlen,
|
||||||
const unsigned char *hash, unsigned char *sig)
|
const unsigned char *hash, unsigned char *sig)
|
||||||
{
|
{
|
||||||
return mbedtls_rsa_pkcs1_sign((mbedtls_rsa_context *) ctx, f_rng, p_rng,
|
return mbedtls_rsa_pkcs1_sign((mbedtls_rsa_context *) ctx,
|
||||||
md_alg, hashlen, hash, sig);
|
mbedtls_psa_get_random,
|
||||||
|
MBEDTLS_PSA_RANDOM_STATE,
|
||||||
|
md_alg,
|
||||||
|
hashlen,
|
||||||
|
hash,
|
||||||
|
sig);
|
||||||
}
|
}
|
||||||
static size_t mbedtls_rsa_key_len_func(void *ctx)
|
static size_t mbedtls_rsa_key_len_func(void *ctx)
|
||||||
{
|
{
|
||||||
@ -210,8 +215,7 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type,
|
|||||||
mbedtls_pk_init(&key);
|
mbedtls_pk_init(&key);
|
||||||
MD_OR_USE_PSA_INIT();
|
MD_OR_USE_PSA_INIT();
|
||||||
|
|
||||||
TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL,
|
TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL) == 0);
|
||||||
mbedtls_test_rnd_std_rand, NULL) == 0);
|
|
||||||
|
|
||||||
mbedtls_x509write_csr_set_md_alg(&req, md_type);
|
mbedtls_x509write_csr_set_md_alg(&req, md_type);
|
||||||
mbedtls_x509write_csr_set_key(&req, &key);
|
mbedtls_x509write_csr_set_key(&req, &key);
|
||||||
@ -229,8 +233,7 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type,
|
|||||||
TEST_ASSERT(mbedtls_x509write_csr_set_subject_alternative_name(&req, san_list) == 0);
|
TEST_ASSERT(mbedtls_x509write_csr_set_subject_alternative_name(&req, san_list) == 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = mbedtls_x509write_csr_pem(&req, buf, sizeof(buf),
|
ret = mbedtls_x509write_csr_pem(&req, buf, sizeof(buf));
|
||||||
mbedtls_test_rnd_pseudo_rand, &rnd_info);
|
|
||||||
TEST_ASSERT(ret == 0);
|
TEST_ASSERT(ret == 0);
|
||||||
|
|
||||||
pem_len = strlen((char *) buf);
|
pem_len = strlen((char *) buf);
|
||||||
@ -254,9 +257,7 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type,
|
|||||||
TEST_ASSERT(memcmp(buf, check_buf, pem_len - 1) == 0);
|
TEST_ASSERT(memcmp(buf, check_buf, pem_len - 1) == 0);
|
||||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
der_len = mbedtls_x509write_csr_der(&req, buf, sizeof(buf),
|
der_len = mbedtls_x509write_csr_der(&req, buf, sizeof(buf));
|
||||||
mbedtls_test_rnd_pseudo_rand,
|
|
||||||
&rnd_info);
|
|
||||||
TEST_ASSERT(der_len >= 0);
|
TEST_ASSERT(der_len >= 0);
|
||||||
|
|
||||||
if (der_len == 0) {
|
if (der_len == 0) {
|
||||||
@ -271,8 +272,7 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type,
|
|||||||
#else
|
#else
|
||||||
der_len -= 1;
|
der_len -= 1;
|
||||||
#endif
|
#endif
|
||||||
ret = mbedtls_x509write_csr_der(&req, buf, (size_t) (der_len),
|
ret = mbedtls_x509write_csr_der(&req, buf, (size_t) (der_len));
|
||||||
mbedtls_test_rnd_pseudo_rand, &rnd_info);
|
|
||||||
TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL);
|
TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL);
|
||||||
|
|
||||||
exit:
|
exit:
|
||||||
@ -306,8 +306,7 @@ void x509_csr_check_opaque(char *key_file, int md_type, int key_usage,
|
|||||||
|
|
||||||
memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info));
|
memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info));
|
||||||
|
|
||||||
TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL,
|
TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL) == 0);
|
||||||
mbedtls_test_rnd_std_rand, NULL) == 0);
|
|
||||||
|
|
||||||
/* Turn the PK context into an opaque one. */
|
/* Turn the PK context into an opaque one. */
|
||||||
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&key, PSA_KEY_USAGE_SIGN_HASH, &key_attr), 0);
|
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&key, PSA_KEY_USAGE_SIGN_HASH, &key_attr), 0);
|
||||||
@ -326,8 +325,7 @@ void x509_csr_check_opaque(char *key_file, int md_type, int key_usage,
|
|||||||
TEST_ASSERT(mbedtls_x509write_csr_set_ns_cert_type(&req, cert_type) == 0);
|
TEST_ASSERT(mbedtls_x509write_csr_set_ns_cert_type(&req, cert_type) == 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = mbedtls_x509write_csr_pem(&req, buf, sizeof(buf) - 1,
|
ret = mbedtls_x509write_csr_pem(&req, buf, sizeof(buf) - 1);
|
||||||
mbedtls_test_rnd_pseudo_rand, &rnd_info);
|
|
||||||
|
|
||||||
TEST_ASSERT(ret == 0);
|
TEST_ASSERT(ret == 0);
|
||||||
|
|
||||||
@ -431,10 +429,10 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd,
|
|||||||
MD_OR_USE_PSA_INIT();
|
MD_OR_USE_PSA_INIT();
|
||||||
|
|
||||||
TEST_ASSERT(mbedtls_pk_parse_keyfile(&subject_key, subject_key_file,
|
TEST_ASSERT(mbedtls_pk_parse_keyfile(&subject_key, subject_key_file,
|
||||||
subject_pwd, mbedtls_test_rnd_std_rand, NULL) == 0);
|
subject_pwd) == 0);
|
||||||
|
|
||||||
TEST_ASSERT(mbedtls_pk_parse_keyfile(&issuer_key, issuer_key_file,
|
TEST_ASSERT(mbedtls_pk_parse_keyfile(&issuer_key, issuer_key_file,
|
||||||
issuer_pwd, mbedtls_test_rnd_std_rand, NULL) == 0);
|
issuer_pwd) == 0);
|
||||||
|
|
||||||
issuer_key_type = mbedtls_pk_get_type(&issuer_key);
|
issuer_key_type = mbedtls_pk_get_type(&issuer_key);
|
||||||
|
|
||||||
@ -522,8 +520,7 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd,
|
|||||||
if (set_subjectAltNames) {
|
if (set_subjectAltNames) {
|
||||||
TEST_ASSERT(mbedtls_x509write_crt_set_subject_alternative_name(&crt, san_list) == 0);
|
TEST_ASSERT(mbedtls_x509write_crt_set_subject_alternative_name(&crt, san_list) == 0);
|
||||||
}
|
}
|
||||||
ret = mbedtls_x509write_crt_pem(&crt, buf, sizeof(buf),
|
ret = mbedtls_x509write_crt_pem(&crt, buf, sizeof(buf));
|
||||||
mbedtls_test_rnd_pseudo_rand, &rnd_info);
|
|
||||||
TEST_ASSERT(ret == 0);
|
TEST_ASSERT(ret == 0);
|
||||||
|
|
||||||
pem_len = strlen((char *) buf);
|
pem_len = strlen((char *) buf);
|
||||||
@ -565,9 +562,7 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd,
|
|||||||
TEST_ASSERT(memcmp(buf, check_buf, pem_len - 1) == 0);
|
TEST_ASSERT(memcmp(buf, check_buf, pem_len - 1) == 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
der_len = mbedtls_x509write_crt_der(&crt, buf, sizeof(buf),
|
der_len = mbedtls_x509write_crt_der(&crt, buf, sizeof(buf));
|
||||||
mbedtls_test_rnd_pseudo_rand,
|
|
||||||
&rnd_info);
|
|
||||||
TEST_ASSERT(der_len >= 0);
|
TEST_ASSERT(der_len >= 0);
|
||||||
|
|
||||||
if (der_len == 0) {
|
if (der_len == 0) {
|
||||||
@ -625,8 +620,7 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd,
|
|||||||
#endif
|
#endif
|
||||||
der_len -= 1;
|
der_len -= 1;
|
||||||
|
|
||||||
ret = mbedtls_x509write_crt_der(&crt, buf, (size_t) (der_len),
|
ret = mbedtls_x509write_crt_der(&crt, buf, (size_t) (der_len));
|
||||||
mbedtls_test_rnd_pseudo_rand, &rnd_info);
|
|
||||||
TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL);
|
TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL);
|
||||||
|
|
||||||
exit:
|
exit:
|
||||||
|
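Review bot: `rnd_info` becomes a set-but-unused variable in these test functions: the context line `memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info));` in the x509_csr_check_opaque hunk survives while every consumer (`mbedtls_test_rnd_pseudo_rand, &rnd_info` in the csr/crt pem and der calls) is removed, and the same pattern likely applies in x509_csr_check and x509_crt_check whose declarations sit outside the hunks; with the project's warnings-as-errors builds this will probably fail to compile, so the memset and the declaration should go too. The change also swaps a deterministic, seeded test RNG for the PSA RNG, both explicitly in `mbedtls_rsa_sign_func` (`mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE`) and implicitly in the x509write calls, so the `memcmp(buf, check_buf, pem_len - 1)` reference comparisons now only hold for deterministic signature schemes (PKCS#1 v1.5 RSA or deterministic ECDSA); if any test vector uses RSA-PSS or randomized ECDSA the reference-file comparison would become flaky. The new `mbedtls_rsa_sign_func` also relies on `MD_OR_USE_PSA_INIT()` having initialized PSA before `mbedtls_rsa_pkcs1_sign` is reached, which is worth confirming for configurations where that macro does not initialize PSA; a comment above the sign helper, `/* Requires psa_crypto_init(): MBEDTLS_PSA_RANDOM_STATE is only valid after it. */`, would make that explicit.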